News


123-Reg Deletes Customer Websites in Error


A recent software coding error meant that a clean up exercise on 123-reg servers was a bit more thorough than the company or some of their customers expected. As an IT Support Company in Hertfordshire we know only too well how vital a website is to a business. Imagine the shock therefore of some 123-reg customers when they discovered that their website had been deleted, and no back up was available unless they’d expressly paid for that service or backed things up themselves.


How It Happened

It is normal for web hosts to store multiple websites on rented space on web servers and in that respect 123-reg is no different in renting out space on its a virtual private server (VPS). Cleaning up servers as part of maintenance is therefore important but in the case of 123-reg on this occasion it used software with automated scripts to ‘clean up’ the servers. Unfortunately a coding error in that software resulted in the deletion of multiple customer websites. The software was intended to detect server activity but the automatic deletions were triggered when the script wrongly showed several VPSs as running no servers.

67 Servers Across Europe

The customers who lost their websites in the incident had their websites hosted on 67 of the 115,000 servers that 123-reg has spread across Europe. 123-reg is part of Host Europe Group (HEG), which is reported to have described itself as Europe’s largest privately owned hosting company. 123-reg has 800,000 customers in the UK where it hosts 1.7m sites.
The fault actually occurred on the morning of Saturday 16th April and an email was sent to customers explaining what had happened the following day.

Back Up

Reports indicate that as the VPS service in this case was “unmanaged” and123-reg did not have back ups of all the customer websites affected unless those customers had also specifically purchased back up. Customers who hadn’t purchased the back up aspect had therefore been responsible for backing up their websites themselves.

123-reg is however now reported to be using a data recovery specialist to "manage the process of restoration" although this will be on a on a case-by-case basis and therefore is likely to take considerably longer to resolve than those customers with backups who were able to be back online the next day.

Customer Reaction

As an IT Support Company in Hertfordshire we can imagine that the response from customers who had lost their websites would not have been one that any hosting company would like to be on the end of, and it wasn’t in this case! Reaction was predictably very angry and swift as customers took to social media like Twitter to voice their fury and frustration about how it could possibly happen, the levels of communication that they had received from the company about it, plus the impact that it would have on their businesses. Lost sales (goods, services and tickets), loss of potential new business and funding, as well as potential loss of the business itself were all concerns raised by customers.

What Does This Mean For Your Business?

This incident indicates how important it is for your business to make sure that you and / or the company that hosts your website has a secure backup of your website as well as other critical business data. Making this one of the key selection criteria for your host / hosting service could therefore save you from some serious problems in the future.

The incident also highlights how important the host selection process is in the first place, and to carefully choose a host whose services and capacity closely match the specific requirements and scale of your business both now and in the foreseeable future.
This particular incident also shows how fully automated processes can save time, but building in a simple human check at crucial points in a high potential risk system could save a lot of trouble and heartache.

Another important lesson to be learned here is that as part of IT governance in today’s business environment, and as part of your responsibility to your stakeholders it is necessary to have a disaster recovery process in place.


Why Is Disposable Email So Popular?


Taking great care in who we give our email address to can be an important factor in reducing the amount of spam we get. As an IT Support Company in Hertfordshire we have often encountered situations where dealing with spam emails has become a time consuming and frustrating business for some companies. For many companies it’s virtually impossible to keep track of where their email address has been used in the past or which commercial lists and databases it has ended up on. Spam filters, removal of text email addresses and strict email policies all help but there are occasions when we need to give an email address to sign up to something / download something useful.

Disposable E-mail Could Be One Answer

Using a disposable email address when you don’t feel 100% comfortable giving out your business or personal email address can be a way to put you back in control, and to defend yourself against more spam.

What Are They?

Disposable email services, many of which are free, are operated via websites where you can generate new and individual email addresses and email aliases, and in some cases associated domain names. Depending on the disposable email service you choose the email addresses, and the mails received in the inbox (and domains) are deleted within specified short time period. This breaks the link between you and the spammers while allowing you enough time to get the information you want.

The Benefits of Disposable Email

As an IT Support Company in Hertfordshire we are hearing from more and more businesses who use disposable email because of its unique benefits. The benefits of using disposable emails for you and your business include:

  • Avoiding more SPAM and keeping your spam inbox clear
  • Maintaining your anonymity
  • They are very easy and fast to set up
  • Disposable email addresses can be created for very specific purposes and can be customized for the requirements, thus making them just as effective as using your own, but without the risks
  • Emails received back can be easily kept separate / can be easily deleted as can any spam received
  • The short time constraint on the existence of the email address means that the effects of using it are only very short term and therefore can be easily managed
  • They can be completely outsourced so they don’t require extra software or hardware
  • They don’t interfere with your existing email infrastructure but can be operated in parallel in a handy, easy to operate way
  • They can offer generous or no limits on the number of disposable email addresses per account and the size of incoming and outgoing messages, which means that they provide plenty of capacity and scope
  • They can come with administrative consoles / dashboards that give you full control over all your user accounts.

Popular Examples of Disposable Email Services

Googling disposable email services gives a wide range option but here are some of the more popular examples of disposable email services:

GuerrillaMail - see https://www.guerrillamail.com/ Allows creating email addresses with nine domain names. No registration needed and email addresses last an hour.

Mailinator - see https://www.mailinator.com/ Free web-based addresses created as messages are received, with no registration required. Publicly visible email.

Air Mail - see http://getairmail.com/ Auto generated email address which gets changed every 10 seconds. You can read your inbox via your browser at a later time using a unique URL.

10 Minute Mail - see http://10minutemail.com/ Copy and paste email onto clipboard, expires in 10 minutes. Gives the option of extra 10 more minutes by clicking a link.

YOPmail - see http://www.yopmail.com/ No registration, no password. Messages are kept 8 days. Free, and fast.

MaskMe - see https://www.abine.com/maskme/ Very versatile. Mask your email, phone, and credit card as you browse and shop on the web.


Warning: ‘Smash and Grab’ Ransomware Scam

Cyber crime is how commonplace and an important role of IT governance is to make sure that your organisation is aware of the risks, well prepared, and well protected against the many threats to your data, networks, systems, physical and information assets.


As an IT Support Company in Hertfordshire we often help customers with the many different aspects of their IT security. One kind of threat that has shown quite significant growth this year is malware, and specifically ransomware scams. One of these scams that has claimed many UK victims recently is dubbed ‘Maktub’ and has led to the UK's national fraud and cybercrime reporting centre ‘Action Fraud’ call centre receiving 500 calls. Here is a bit more information about what has been described as a kind of ‘smash and grab’ ransomware attack because of its speed and effectiveness.

How the Scam Works

The ‘Maktub’ scam that was first brought to the public’s attention by Radio 4’s ‘You and Yours’ programme uses a combination of tactics to extract money from its UK victims. The first step is a phishing style email informing the victim that they owe £800 to a named UK business or charity (some well known names, some not). What adds an air of apparent credibility to the email is the fact that the targeted organisation’s postal address is included in the email. The email body also contains a link.

If the link is clicked on this starts the second step of the process which is the loading of malware (ransomware) onto the victim’s computer. The ransomware immediately takes anything of value on the hard drive and encrypts it, and this triggers the next step.

The third step is the victim being issued with a ransom demand (a bitcoin payment) for the release of the information that increases with time the longer the ransom is not paid. A website associated with the scam reportedly displays the rates at 1.4 bit coins ($580) for the first 3 days rising to 1.9 bit coins ($790).

Where Did They Get The Addresses?

The scam has unfortunately proved to be quite successful so far, and many people have asked how the criminals were able to get the postal address and link it with the name and email address for the victims. The most likely explanation is that the perpetrators obtained the data from a leaked or stolen database. This would of course also be better for the perpetrators because it makes them even harder to track down. The scam has also caused distress to the charities whose names were wrongly and unlawfully used in the emails as the creditors.

What Does This Mean For Your Business?

Even if you’re an IT Support Company in Hertfordshire you’re still as much as a legitimate target as any other organisation anywhere else for cyber criminals. We would urge everyone to take the advice of Action Fraud which is that if your business receives such an email, not to click on the link under any circumstances but to delete email from your system and to inform Action Fraud. In order to protect your business from this and other similar scams you may wish to, as part of an enterprise wide governance approach, employ a number of IT security strategies.


Facebook Announcement Fuels Rise of Bots

As and IT Support Company in Hertfordshire we are not involved in A.I. projects on a very regular basis but we are very interested in the many different ways that it is now being, and will be used in more aspects of work and home life in the near future.


Some recent news that has been of particular interest therefore is the announcement of Facebook’s plans at the F8 developer conference about Bots and how anyone can now make their own bot using Facebook’s application programming interface (API) known as ‘Messenger Platform’.

Creating Our Own Bots, Powered by the ‘Central Brain’

Giving people access to the know-how within Facebook’s API means that users can now create their own uniquely intelligent bots which will then be powered by Facebook's Bot Engine, likened to a kind central brain for collective learning. The link-up with the Bot Engine means that collective learning can be passed on to the bots, thus making them more ‘intelligent’ and better at the tasks they were designed for. The predictions are therefore that Facebook’s plans could trigger a bot development gold rush, and in so doing help Facebook to gain an advantage over competitors Apple, Microsoft and Google. It could also be another possible source of future revenue for Facebook. For bot developers access to Facebook’s resources in this way could be a huge commercial opportunity.

About Bots

As an IT Support Company in Hertfordshire we’re well aware that IT jargon and techie terms for things can sometimes be unhelpful, so here’s a quick explanation of what is meant by bots.

Bots are essentially computer software programs that can interact with using Artificial Intelligence e.g. Chatbots that can answer questions and chat in a way online that resembles human conversation. The hope is that these kinds of bots can bring a kind of conversation back to business that has been lost in the drive for growth scale. For example a bot could act as our very own digital personal assistant that is able to learn about our likes, dislikes and interests, answer our questions and help us to organise our lives.

The Benefits of Bots

Taking chatbots as an example the benefits for an organisation using them include:

  • They are cheaper than training humans
  • Some studies have shown that people can prefer dealing with bots on websites rather than humans on the phone. Research firm Gartner for example estimates that up to 85% of customer service centres will go virtual by 2020.
  • They are very well suited to many value adding service tasks.
  • Companies should theoretically have much more control over messages given out and the consistency of those messages.

What Can They Really Do?

There are many real-life examples of how bots are being used by organisations world wide right now. These include:

  • The bots used on the Chinese texting service WeChat. These are used to pay for meals, order movie tickets and to allow users to send each other presents.
  • The virtual assistants used by Lloyds bank, Renault, many accounting firms, retailers and local governments to help guide users through their websites.
  • The Taco Bot used by Taco Bell to help users order meals.
  • Bots used by Kik (an instant messenger app for mobile devices) to answer questions about the weather, give make-up tips and guide people around websites.

Other soon-to-be launched / soon-to-be developed bots include:

  • The New York robot lawyer bot that appeals against parking tickets on your behalf. (used by 150,000 people so far).
  • Bots to interact with customers on Skype, its video and messaging service. These will be developed by Microsoft users.

Why Now?

The days of using lots of different apps to get things done are now on the decline. Recent Forrester Research for example estimated that 80% of the typical US Smartphone user's time was spent in just 5 apps. Also there have been some major new developments in A.I. such as deep learning and neural networks. These have meant that chatbots can learn from data sets and mimic the way that the human brain works.

Drawbacks

As with all new ideas there are plenty of examples of things not going to plan and plenty of potential flaws. Twitter users for example found great amusement in exploiting the learning aspect bots by training Microsoft’s chatbot ‘Tay’ to give racist and inappropriate answers. Many people also have concerns about security whereby bots which learn so much about us are let loose on a platform such as Facebook (that already knows so much about us), and what the consequences of a hack under these circumstances could be.

What Does This Mean for Your Business?

Bots could therefore mean that you could reduce costs, and add value to your services by putting bots to work to interact with your customers to enhance customer service. This could mean help and savings on labour, training and staffing, and could provide a source of competitive advantage that could be quickly added to or changed if/when needed. You could use bots for all stakeholder groups and thus you could gain a kind of virtual growth that is greater than the physical sum of your organisation’s parts.


Wordpress Website Weakness Worries From Recent Cyber Attack

Here in the UK Wordpress websites and blogs have caused a bit of a revolution. They’re relatively easy to set up, and they can be easily managed from anywhere using a web based login and user-friendly dashboard system.

These and other useful features such as the many plugins have made Wordpress and incredibly popular platform. In fact Wordpress now makes up 25% of all websites and as an IT Support company in Hertfordshire we have a great deal of experience of helping our customers to make their Wordpress business websites a productive and secure as possible. One potential weakness in Wordpress websites has however been highlighted by a recent DDoS cyber attack where the cyber criminals exploited the pingback feature in multiple Wordpress websites in order to use them as part of a cyber attack on another website.

What Happened?

In the latest reported Wordpress relates attack, researchers at Sucuri noticed that cyber criminals over a number of incidents used a huge network of 26,000 Wordpress websites to launch multiple Layer 7 (also known as flood) Denial of Service (DDoS) attacks. A Denial of Service (DDoS) attack is one where the perpetrator uses multiple compromised systems that are often infected with a Trojan virus to launch a single attack on one system.

In this most recent of a cyber attack involving Wordpress the perpetrators used a series of IP addresses (in the 185.130.5.0/24 range) to control the botnet of Wordpress sites. The 26,000 Wordpress websites were then used by the attacker to generate 10,000 to 11,000 HTTPS requests per second against one website. When subjected to a flood of requests of this kind (known as a Layer 7 or flood attack) servers are unable to handle the load, a large consumption of memory is caused, and the operation of the server is therefore seriously disrupted.

Nothing New For Wordpress

This recent DDoS attack is the most popular kind that is used against Wordpress, and is estimated to make up around 13% of all the attacks involving the system. The huge popularity and widespread knowledge of Wordpress are reasons why criminals continue to target the platform. According to Imperva’s 2015 annual Web Application Attack Report (WAAR) Wordpress is now thought to be the most attacked CMS with around 3.5. times more attacks than non-CMS applications. Only last year for example thousands of Wordpress sites were attacked or hijacked using malicious ‘Nutrino Exploit Kit’ code.

Some Protection Was In Place

The frequency of this kind of attack against Wordpress has meant that the system had an IP logging feature added to its version 3.9 to enable the IP address where ‘pingback’ requests originated to be noted. This should mean that the attacker’s IP shows in the log user agent. In this most recent case however the perpetrators were able to carry out an attack despite the logging feature being in place.

What Can You Do To Protect Your Website?

If you have a Wordpress website for your business one step that you can take to prevent it being used as part of a larger attack against other sites is to disable pingbacks. It is the pingback element of Wordpress that has repeatedly been responsible for so many of the attacks.


Could These New Ideas Protect Your Company From Rogue, Negative Online Reviews?

In these days of being able to share our opinions online and of placing our trust in online reviews of products and services, how can we be sure that the reviews we read or receive are true and fair?


As an IT Support Company in Hertfordshire we are fortunate enough to work with many businesses in the local area who pride themselves of providing quality products and great service to their customers. Displaying testimonials and reviews online are great ways to let potential new customers know the kind of positive experience they are likely to have if they sign up, but what if those reviews are used against us either as a form of unfair competition, or simply to damage our online reputation?

We All Use Reviews

Figures show that we all use and put a high degree of trust in online reviews. This is certainly true in our world of IT Support where we are essentially providing a service that can only really be experienced while it is being used. A 2015 Bright Local survey for example showed the proportion of consumers who read online reviews for products and services to be as high as 92%, and showed that as much as 40% of consumers form an opinion by reading just 1 to 3 reviews. Online reviews therefore can have a powerful influence on our purchasing decisions, and over the fortunes of a business. As any business that has experienced the result of one or more prominent bad reviews on e.g. Trip Advisor will know the negative impact on trade can be significant.

Misleading Practices

Although last year’s UK Competition and Markets Authority (CMA) report about online reviews and endorsements put the estimate of UK consumers who use online reviews at only 54% it did highlight one of the major concerns for businesses that has led to a lack of trust in online opinions i.e. potentially misleading practices. These include fake reviews being posted onto review sites, negative reviews not being published, and businesses paying for endorsements in blogs and other online articles without this being made clear to consumers.

A recent piece by the BBC highlighted the mixed online reviews of a Manhattan restaurant to introduce the subject of how new technology could help to cut down on misleading practices in online reviews and endorsements. This could of course benefit businesses, customers, and those who are most likely to be influenced by reviews, those who haven’t tried your product or service before. Some of the new technology that could help to restore trust in online reviews includes:

‘Twizoo’ for Twitter. This mobile app from a start-up reportedly works by weeding out paid-for and out-of-date reviews. The advantage of this app is that it takes into account a reviewer’s full social media profile and their tweets over time, and allocates a quality score. This means that it is much more difficult for fake reviews to be posted from recently set up accounts, or for friends and family of the business to influence reviews. This quality based system also reduces the clout that tweets have after a period of 3 months. This reduces the ability of dishonest tweets to have a lasting effect on the business, plus it gives a more accurate picture of the service that potential users can expect at the current time.

Yelp - secret source code. This secret algorithm at Yelp reportedly weeds out overly enthusiastic 5 star reviews.

Amazon - multiple measures. As well as constantly reviewing its own readers’ star rated reviewing system, Amazon reportedly favours reviews by standard rather than discounted paying customers as a way of improving review quality. It is also reported to have brought lawsuits against over 1,000 defendants for reviews abuse.

The Walt Disney World Wristband. This wristband system gathers information about wearer and what services they have actually used at Walt Disney World to match against the reviews.

More of a Level Playing Field in Future

The wider adoption of quality based systems like these could quite simply provide more of level playing field for businesses and could help to protect you from some of the more obvious, frustrating and damaging reviews that you may have received as a result of potentially misleading practices. These systems may also make it more difficult for some businesses to unfairly influence reviews in their favour.


Google Offers Protection In the Cloud From Popular Cyber Attacks

You may have noticed the number and frequency of high profile cyber attacks appearing to increase over the last year. One of the reasons for this is that some types of attack are relatively easy and inexpensive to launch, as well as being highly effective, and they offer the criminal a good degree of protection from detection.


A ‘Distributed Denial of Service’ (DDoS) is just such an attack, and has such it has become a very popular way for criminals to inflict damage to businesses. As an IT Support Company in Hertfordshire we often receive questions and requests from our customers about which systems provide the highest levels of security and protection from the known cyber threats. Google is now offering a service called “Project Shield” that is reported to offer and extra degree of protection in the safety of its Cloud - BUT only for certain types of websites at the moment.

The Threat of DDoS Attacks

DDoS attacks such as the one that a used a Pingback feature loophole to leverage 26,000 Wordpress websites, and similar to the attacks launched on Xbox Live and PlayStation Network gaming can be very disruptive and damaging. With DDoS the perpetrator uses multiple compromised systems that are often infected with a Trojan virus to launch a single attack on one system. The result is to overwhelm that system rendering it unavailable. It is estimated that a DDoS attack can cost the criminal around £30 to execute (presumably excluding labour costs) and it can be ordered anonymously. For the business that is the focus of the attack the results can not only be the temporary disruption, but the fallout from that disruption which can include lost customers, bad press and damage to reputation. In monetary terms estimates of the average cost of this kind of attack to a business is around the £300,000 mark.

Help From Google’s “Project Shield”

For those who run news, human rights or elections sites which host “free expression” content some comfort and protection can now be gained from the fact that Google is now offering protection in the safety of its Cloud as part of what it is calling “Project Shield”. The free service is inviting applications through its website https://projectshield.withgoogle.com/public/ . According to Google’s Project Shield if the online application is approved the successful webmaster will be emailed the configuration instructions, and provided they have administrative privileges for the website, and they can modify DNS records, protection for DDoS attacks for their website can be set up in as little as 10 minutes.

How It Works

Google’s Project Shield uses a technology known as “reverse proxy” to route a website’s traffic through Google’s infrastructure (Google Cloud Platform), whereby “illegitimate traffic” can be stopped from reaching the server. Google suggests that the service is akin to “a train conductor only letting ticketed passengers aboard”. Although it is unlikely to noticeably affect a website’s performance, users from countries where Google’s IP addresses are blocked will not be able to access the content served through Project Shield.


Apple to Pay Damages to Pensioner After ‘David and Goliath’ Phone Fix Court Battle

A Pimlico pensioner has won his case against Apple after a botched in-store ‘fix’ of his iPhone resulted in the permanent deletion of his treasured photos and videos.


The 12 month ‘David and Goliath’ battle between Pensioner Deric White from Pimlico in London and Apple over the incident resulted in a judge finding that Apple had been “negligent in the treatment of the claimant's telephone, causing the claimant’s loss of photographs of particular sentimental value, and the loss of all his contacts".

The counter argument by Apple’s spokesperson that Mr White hadn’t demonstrated that he’d lost anything was finally rejected because ‘difficulty’ in assessing damages didn’t mean that no compensation should be due to the Mr White. The London County Court judge finally awarded Mr White £2,000 in damages (£1,200 in compensation, and £800 in costs)

The Value of Backing Things Up

As a Hertfordshire based IT Support Company one of the important services we offer is online backup of our customers’ valuable files and data. The loss of files for businesses (and individuals like Mr White) can be very costly and disruptive, and it is always worth making sure that your have a robust backup in place. A system that works even in low bandwidth locations and with the support of locally placed backup provides a very secure backup solution.

In Mr White’s case it is unfortunate that he agreed to sign up for iCloud just after his phone’s bungled repair, at which point he was unaware that the photos, videos and contact information had already been lost. Even though Mr White received monetary damages, this is unlikely to be a substitute for his precious digital memories which included photos and videos of his once-in-a-lifetime honeymoon trip to the Seychelles.

How It Happened

Mr White’s loss of photos, videos, and contacts occurred when he took his Apple iPhone 5 to the Apple Store in Regent Street back in December 2014 in the hope that they could stop the text messages that he’s been receiving twice a day during his honeymoon asking him to re-set his password. The files were deleted by member of staff at the ‘Genius Bar’ in the store who tried to carry out a fix. Mr White, who had also just beaten cancer, said the loss of these precious digital memories had left his wife in tears and had left him livid. Mr White said that after being told that the problem with the phone had been “sorted”, he believed that the person knew what they had done and sent him on his way “like an imbecile”.


Hack of Wetherspoon’s Database Took 6 Months To Be Discovered

A hack of a JD Wetherspoon’s database that took place back in June 2015 was only just discovered in December it has been reported. The database in question contained the details of 657,000 customers as well as the details the company’s 15,000 staff.


The kind of data that we’re talking about in this case is believed to be personal data like email addresses, phone numbers and dates of birth. One other worrying aspect of the theft is that the hacked database contained the last four digits of the credit / debit cards of around 100 customers who had purchased Wetherspoon vouchers online. Obviously this aspect of the theft could have been worse but the whole episode highlights some very important points for all businesses in terms of online and data protection.

Protecting Your Business From Cyber Criminals

As a company offering IT Support Services in Hertfordshire and beyond one of the services that demand has increased noticeably for is IT Security, not just for bigger organisations but also for SME businesses. The reasons for prioritising security are that there has been a well publicised increase in cyber crime against all kinds and sizes of businesses recently. The fuel for this trend has been fast technological change and IT developments combined with ever-more adept cyber criminals sharing and using more sophisticated and creative methods. Attacks like the one against JD Wetherspoon’s database are becoming all too common for businesses across South East England. With increased cyber crime and with the introduction of new data protection regulations next year it is worth making sure that your business is a protected now.

How The JD Wetherspoon Database Hack Took Place

In the case of JD Wetherspoon, the criminals, thought to be from a Russia-based hacker group, targeted a database that was linked to an old version of their website that was still with the old host. This is one of the most likely reasons why the crime that occurred back in June has only recently been detected. The stolen customer details are from those signed up to receive the Wetherspoon’s newsletter, registered with The Cloud to use Wi-Fi in their pubs, submitted a contact us form on the website, and / or bought vouchers online prior to August 2014.

Not Detected by JD Wetherspoon

One of the worrying aspects of this hack was that it wasn’t actually detected at all by JD Wetherspoon, but only came to light thanks to a cyber intelligence group called CyberInt. They made the discovery while investigating another case where the breach reportedly came up in their Argos Cyber Threat Intelligence Platform via one of its sources (a cyber-crime forum on the Dark Web). CyberInt now believe that the stolen information is likely to be sold on a forum run by Russian hacker ‘w0rm’, and that JD Wetherspoon is probably one of many ‘Big Names’ targeted by the same hacker group.

Why?

The motivation for this and many similar crimes is likely to be use of the stolen data to commit more crime such as theft (of money & identity) and fraud. This type of crime can have a serious negative effect on the lives of those whose data has been stolen and sold. It is also worth remembering too that a theft like this can also damage to the reputation and the brand value of the company that the data was stolen from. In the case of JD Wetherspoon the fact that there was such a long gap between the crime and its detection meant that it also didn’t allow any time for customers affected to take any precautionary steps to prevent the criminals from taking money from their bank accounts.

Investigation

Since the crime’s detection the Information Commissioners Office (ICO) has been notified of the breach and a forensic investigation is now underway. JD Wetherspoon are reported to have said that that there are no indications that the stolen data has been used for fraudulent activity to date.

Protecting Your Business From Cyber Criminals

Falling victim to this kind of security breach and not reporting can mean large fines, greater reputational damage, and other legal consequences. Moves that you can make to protect your business include ensuring that security practices and systems are up to date and robust, and that they conform to best practice. The advice from the experts at CyberInt is that this can be best done by “collecting targeted cyber intelligence from thousands of sources including the dark web, the deep web, social networks and other sources, and by continuously assessing the organisation’s resilience to these attacks.”


Why We Still Prefer Not To Use Our Smartphones to Make Online Purchases

As a Herts based IT Support Company we are often asked about ways to reduce all-too-common e-commerce problems faced by businesses such as high shopping cart abandonment rates. A recent report by the Bamyard Institute highlights one cause as being the means by which customers access your online shop. According to the report 70% of online shop customers have been abandoning shopping baskets or carts when trying to buy something online using smartphones, choosing instead to use tablets or the desktop to actually make the purchase. This figure was arrived at by pooling the results of 32 different studies on statistics for e-commerce.


Other research figures such as those by The Centre For Retail Research also appear to support this finding. Their figures show that in 2015 in the UK only 16.5% of online spending was done by smartphone, compared to 71.4% by PC and 12.1% by tablet. The same study showed even less purchasing online by smartphone in the rest of Europe - only 7%.

Likely Causes

The most likely causes of this frustrating trend for businesses are the practicalities of handling a phone compared to a tablet or desktop. The current (and recent past) crop of mobile phones can be small and fiddly and can make it difficult to carry out many of the data input operations needed to make a purchase e.g. credit card and delivery address details.

Immediacy & A Good Response Rate

One advantage that mobile phones certainly have over the desktop or tablet for example is their immediacy i.e. they are always with us. This tends to mean that any special offers sent to then are likely to have a good response rate.

Getting Better

Although the use of smartphones to actually make a purchase appears to be less than you would expect, it is on the increase. For example UK Black Friday weekend shopping in November via smartphone totalled £472 million.

Possible Solutions To The Problem

Several new systems and different formats have been developed to help increase purchases made by mobile phones. Some high profile ones include:

  • The PowaTag system from Powa Technologies. With this e-commerce system all shoppers (who have downloaded the app) have to do to buy something is to wave their phone over a product or image containing digital tags, and tap the phone. This makes purchases faster and much less fiddly. For the system to work digital tags similar to quick response (QR) codes are inserted into emails, websites, posters, and images. The success of this system will of course depend upon large numbers of retailers to sign up and to use the tags
  • The Zen Shopping App. Shoppers using this system can compare prices to find the cheapest version of a product, be refunded if the product is not the cheapest, and have one-tap checkout at more than 100,000 stores including Amazon. The Zen Shopping App is only currently available to iPhone users in the U.S.
  • The Dashlane System. This system has 4 million users worldwide and can be used anywhere. It works like a secure digital wallet (similar to PayPal) and simplifies the checkout process by allowing you to store all your payment details using secure encrypted digital keys in a secure app or web browser extension. It works with all payment methods and all retail websites.


Blackmail Letters For ‘Have An Affair’ Dating Website Ex Members

One of the more newsworthy cyber crimes of last summer was the hacking of the Ashley Madison website that resulted in data of 33 million members being reported as stolen. The reason why the story hit the headlines in such a big way was because not only was this a large scale cyber crime, but because this was a dating website for married people famed for having a tagline 'Life is short, have an affair'.


After the initial wave of blackmail emails, it now seems that some ex members of the website are now receiving blackmail letters. Those targeted so far have been ex members living in Canada because this is where most of Ashley Madison’s members are based. The recent ‘snail mail’ extortionists are banking on those exposed members paying up to prevent their partners, wives and loved ones finding out that they were members of a website that appeared to facilitate affairs.

How Did This Happen?

It is widely believed that hackers calling themselves ‘The Impact Team’ were able to hack into a main database, and from there make several high profile data dumps, and put the on the ‘dark web’ where it could be accessed by cyber criminals using encrypted browsers. As well as the uncomfortable situation that many ex members find themselves in, it also seems like there could be more grief to come for Ashley Madison itself in the future. The hackers are reported as saying that they have 300 GB of employee emails in their possession, and tens of thousands of Ashley Madison user pictures and user messages.

Mostly Men

The vast majority of Ashley Madison members / ex members who had their details stolen are reported to be men (an estimated maximum of 14% were women). Within only 48 hours of the reports of the security breach going public dozens of Canadian citizens contacted legal firms in order to file lawsuits against Ashley Madison. An early public casualty of the exposure was U.S. reality TV star and ironically former executive director of the anti-abortion and pro-marriage group Family Research Council Josh Duggar. He then resigned from the post and publicly confessed his infidelity. There have also been 2 suicides in Canada linked to the leak.

What Is The Relevance of This Story?

As an IT Support Company in Hertfordshire, the relevance of us telling you about a dating site security hack that mostly affected Canadian members is that hackers can operate from anywhere in the world, can be very sophisticated and cunning in their methods, and would be willing to target the data of any business, including yours if a) if you make it easy for them to do so and b) if it has a value. As we have put things like CRMs and larger and more sophisticated databases at the centre of our businesses we have all become more tempting targets for cyber criminals.

The Latest - The Blackmail Letters

Security expert blogger Graham Cluley has reported that some ex members of the website are now receiving blackmail demands through the post. These letters are reported to be asking for sums around the £3,000 mark in order for the receiver to avoid their membership of the website being made known to their loved ones. The advice from online security experts like Graham Cluley is for recipients of the blackmail letters to ignore the demands and to share the letter with the authorities.


New Norton Report Says Millennial Generation Are Online Security Risks

It may not surprise you to know that younger adults tend on the whole to be more likely to perceive less risk in many situations compared to older generations. You may also believe that they are more likely to have a fuller understanding of all things IT and online. The new 2016 Norton Cyber Security Report however appears to indicate that online is an extension of offline for the ‘millennial generation’ who appear to be taking more risks with their online security than older generations.


Cyber Crime
The reality in 2016 is that whether you are an IT Support Company in Hertfordshire like us, an international business, or a local SME business in the South East, you are now at risk of an attack by cyber criminals. As we as a business community hear about more frequent and some very high profile cyber attacks, we are now prioritising our online and data security, and listening more to what the professionals have to say.

The New Norton Cyber Security Report
One of the main messages that the new Norton Cyber Security Report appears to deliver is that even though we may assume that the millennial generation are the most teach-savvy generation, they are also the generation who are less likely to heed warnings about cyber crime. This is surprising when you consider that they also the generation who are likely to have been informed most about the reports of cyber crime e.g. through their use of social media and due to the fact that the Web as one of if not the main source of news and information has only come about during their lifetime.

What the Stats Say
We as global consumers have spent an average of 21 hours and $358 per person over the last year dealing with online crime, and although the fear of cyber crime exists in the home and workplace, action to reduce the risks is often lacking.

Why Are the Millennial Generation More at Risk?
1. According to the 2016 Norton Security Report they are less security conscious when it comes to choosing and using passwords. 32 % of millennials in the UK share their passwords for online services compared to 13 % of baby boomers. Only 33% of millennials said they always use a secure password (the 8 character letter and number mix) compared to 49% of baby boomers. 2. One in five millennials for example felt like their chances of being compromised by cybercrime was negligible. This indicates that they appear to perceive less risk and don’t seem to fear the consequences of security breaches. These 2 factors together go some way towards explaining why 31% of millennials say they fallen victim to cyber crime.

The Lessons For Business
Based on the findings of the 2016 Norton Cyber Security Report business owners should not to assume that just because someone is young they are necessarily more web savvy, and therefore less of a security risk. To maintain an effective defence against cyber attack all staff members, regardless of age, should be briefed and made aware of how to work in a secure and compliant way online.

Other Findings
Other findings in the report such as the fact that nearly half of the millennials surveyed rely on credit card companies to protect them after a hack, could also suggest that younger staff members may be less prone to taking responsibility for the results of security breaches as well as being less cautious in the first place. This could suggest that they are more likely to be the source of security breaches and therefore may need frequent reminders of the risks and of your organisations security procedures and policies.

Is your business secure? Speak to GCIS to see how we can help.


How Cloud-Based Services can Evolve and Improve your Business Processes

Cloud-based services are much more than just a storage system and are rapidly transforming the way businesses communicate, store information and operate.


No matter what the industry, communication and efficiency are key. In recent years advances in email and mobile phone technology have helped pave the way to staying connected. But the Cloud is taking over!

Office 365 is a cloud-based service, taking the industry’s most recognised software and making it accessible from wherever you are in the world. With high tech security controls and back up systems in place, using Office 365 enables you to have remote access to emails, documents, contacts and calendars at the touch of a button. This eliminates paper work and saves time, ultimately improving efficiency and productivity in the workplace.

Employees will find transition to Office 365 smooth and efficient as it also runs the standard Microsoft software such as Word, PowerPoint, Excel and Publisher.

Using a standard Internet connection, this cloud offering allows both office-based and remote workers to access live information at any given time, supported with features such as instant messaging to drive productivity and help stay connected.

Skype for Business plays a big part in cloud software, being a key tool in bringing international companies closer together. Skype for Business offers the opportunity to host video conference calls to any worldwide location. This significantly reduces travel time, expenditure and other associated costs.

With any cloud-based software you also gain the advantage of being up-to-date at all times, with upgrades and downloads to install as they become available. This method of upgrading eliminates any associated costs that would normally be spent on engineers and IT specialists.

This saving can also be seen with hosted cloud services. Data centres have been set up around the UK and worldwide, home to all the required computer hardware and servers. Operated and run by IT specialists, the data centres are manned 24 hours a day, 7 days a week, to ensure servers are fully operational at all times. You essentially get all the benefits of an in-house server without the upfront and running costs making this an ideal option for new start-up businesses as well as SME’s looking to expand.

Ultimately, cloud-based solutions have transformed work processes so much that they are set to stay. They offer a company the opportunity to work in a modern, efficient and well-connected environment. However, with all your data located off-site you need to work with a company that you can trust. GCIS are IT specialists and offer a comprehensive range of technology solutions, from structured cabling, access control and telecom solutions, as well as a range of cloud solutions.

GCIS understand that no two businesses are the same and have a wide and varied portfolio working with small start-up businesses through to large corporate enterprises, offering bespoke products to suit any requirement. For more information on their range of services you can call 01438 347090 or email hello@gcis.co.uk.


New responsive website

Ahead of the Google update of the 21st April, we have launched our new responsive website.


Whilst our old website served us well, we decided that it was time to launch a new and improved version that reflects the company offering in 2015. Additionally we have created the website to be 'Mobile Friendly' ahead of the forthcoming Google update.

We hope you enjoy using the website and find that it provides the information you need quickly, with a minimum of hassle.

If you have any feedback, please get in touch.

Microsoft Registered PartnerMicrosoft Registered Partner hp Business Partnerhp Business Partner DELL Registered PartnerDELL Registered Partner excel Cisco Partner RegisteredCisco Partner Registered ZyXEL Solution Partner 2014ZyXEL Solution Partner 2014 AVG Silver ResellerAVG Silver Reseller Paxton Access Certified InstallerPaxton Access Certified Installer